From ff2549be1d929a6915623ad583718a62163c9b8a Mon Sep 17 00:00:00 2001
From: "Dr. Stephen Henson" <steve@openssl.org>
Date: Tue, 19 Jan 2010 19:10:03 +0000
Subject: [PATCH] PR: 2144 Submitted by: Robin Seggelmann
 <seggelmann@fh-muenster.de>

Better fix for PR#2144
---
 apps/apps.c   | 1 +
 ssl/d1_srvr.c | 3 +--
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/apps/apps.c b/apps/apps.c
index 35b62b8b09..fbe05f9588 100644
--- a/apps/apps.c
+++ b/apps/apps.c
@@ -1137,6 +1137,7 @@ int set_cert_ex(unsigned long *flags, const char *arg)
 		{ "no_subject", X509_FLAG_NO_SUBJECT, 0},
 		{ "no_issuer", X509_FLAG_NO_ISSUER, 0},
 		{ "no_pubkey", X509_FLAG_NO_PUBKEY, 0},
+		{ "extensions", ~X509_FLAG_NO_EXTENSIONS, 0xffffffffl},
 		{ "no_extensions", X509_FLAG_NO_EXTENSIONS, 0},
 		{ "no_sigdump", X509_FLAG_NO_SIGDUMP, 0},
 		{ "no_aux", X509_FLAG_NO_AUX, 0},
diff --git a/ssl/d1_srvr.c b/ssl/d1_srvr.c
index a7a9599d0f..499e2bba51 100644
--- a/ssl/d1_srvr.c
+++ b/ssl/d1_srvr.c
@@ -264,7 +264,6 @@ int dtls1_accept(SSL *s)
 			ret=ssl3_get_client_hello(s);
 			if (ret <= 0) goto end;
 			dtls1_stop_timer(s);
-			s->new_session = 2;
 
 			if (ret == 1 && (SSL_get_options(s) & SSL_OP_COOKIE_EXCHANGE))
 				s->state = DTLS1_ST_SW_HELLO_VERIFY_REQUEST_A;
@@ -290,7 +289,6 @@ int dtls1_accept(SSL *s)
 			ret = dtls1_send_hello_verify_request(s);
 			if ( ret <= 0) goto end;
 			s->state=SSL3_ST_SW_FLUSH;
-			s->new_session = 0;
 			s->s3->tmp.next_state=SSL3_ST_SR_CLNT_HELLO_A;
 
 			/* HelloVerifyRequests resets Finished MAC */
@@ -300,6 +298,7 @@ int dtls1_accept(SSL *s)
 			
 		case SSL3_ST_SW_SRVR_HELLO_A:
 		case SSL3_ST_SW_SRVR_HELLO_B:
+			s->new_session = 2;
 			dtls1_start_timer(s);
 			ret=dtls1_send_server_hello(s);
 			if (ret <= 0) goto end;
-- 
2.25.1